Re: [DNSOP] Call for Adoption: draft-pwouters-powerbind

John Levine <johnl@taugh.com> Fri, 01 May 2020 01:44 UTC

Date: 30 Apr 2020 21:44:27 -0400
Message-Id: <20200501014428.427E818950D7@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dnsop@ietf.org
Cc: wjhns1@hardakers.net
In-Reply-To: <yblr1w438fb.fsf@w7.hardakers.net>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/NR6z10Q_Q9DFuwMgymJxNoN2rpk>
Subject: Re: [DNSOP] Call for Adoption: draft-pwouters-powerbind

In article <yblr1w438fb.fsf@w7.hardakers.net> you write:
>Yep, I suspect some of the bigger TLDs probably couldn't opt in to this
>draft simply because they're full of, um, "history".  Until that history
>is cleaned, they probably couldn't deploy it.

It's not just history.  All of the nominet TLDs and many Verisign TLDs
have signed A records that are clearly deliberate.  There's also a fair
number of TXT records named zz--zz.<domain> that have some sort of info
about when the zone was updated.

I think it's benign to allow any sort of record as an immediate child
of the domain, since you need to go two levels down for split zones.
That handles the nominet and zz--zz cases.

R's,
John